1 Computer Crime investigation & Computer FORENSICS. Source: Information Systems Security, Summer 97, Vol. 6 Issue 2, p56, 25p. Computer Crime investigation and Computer forensics are evolving so that they are affected by many external factors, such as continued advancements in technology, societal issues, and legal issues. Computer security practitioners must be aware of the myriad technological and legal issues that affect systems and users, including issues dealing with investigations and enforcement. Incidents of Computer -related Crime and telecommunications fraud have increased dramatically over the past decade. However, because of the esoteric nature of this Crime , there have been very few prosecutions and even fewer convictions. The new technology that has allowed for the advancement and automation of many business processes, has also opened the door to many new forms of Computer abuse. Although some of these system attacks merely use contemporary methods to commit older, more familiar types of Crime , others involve the use of completely new forms of criminal activity that has evolved along with the technology.
2 Computer Crime investigation and Computer forensics are also evolving. They are sciences affected by many external factors, such as continued advancements in technology, societal issues, and legal issues. Many gray areas need to be sorted out and tested through the courts. Until then, the system attackers will have an advantage, and Computer abuse will continue to increase. Computer security practitioners must be aware of the myriad technological and legal issues that affect systems and users, including issues dealing with investigations and enforcement. This article covers each area of Computer Crime investigation and Computer forensics. Computer Crime . According to the American Heritage Dictionary, a Crime is any act committed or omitted in violation of the law. This definition causes a perplexing problem for law enforcement when dealing with Computer -related Crime , because much of today's Computer -related Crime is without violation of any formal law.
3 This may seem to be a contradictory statement, but traditional criminal statutes, in most states, have only been modified over the years to reflect the theories of modern criminal justice. These laws generally envision applications to situations involving traditional types of criminal activity, such as burglary, larceny, and fraud. Unfortunately, the modern criminal has kept apace with the vast advancements in technology and has found ways to apply such innovations as the Computer to his criminal ventures. Unknowingly and probably unintentionally, he or she has also revealed the difficulties in applying older traditional laws to situations involving Computer -related crimes. In 1979, the Department of Justice established a definition for Computer Crime , stating that: a Computer Crime is any illegal act for which knowledge of Computer technology is essential for its perpetration, investigation , or prosecution.
4 This definition was too broad and has since been further refined by new or modified state and federal criminal statutes. Criminal Law Criminal law identifies a Crime as being a wrong against society. Even if an individual is victimized, under the law, society is the victim. A conviction under criminal law normally results in a jail term or probation for the defendant. It could also result in a financial award to the victim as restitution for the Crime . The main purpose of prosecuting under criminal law is punishment for the offender. This punishment is also meant to serve as a deterrent against future Crime . The deterrent aspect of punishment only works if the punishment is severe enough to discourage further criminal activity. This is certainly not the case in the US, where very few Computer criminals ever go to jail. In other areas of the world, very strong deterrents exist. For example, in China in 1995, a Computer hacker was executed after being found guilty of embezzling $200,000 from a national bank.
5 This certainly will have a dissuading value for other hackers in China. To be found guilty of a criminal offense under criminal law, the jury must believe, beyond a reasonable doubt, that the offender is guilty of the offense. The lack of technical expertise, combined with the many confusing questions posed by the defense attorney, may cause doubt for many jury members, thus rendering a notguilty decision. The only short-term solution to this problem is to provide simple testimony in laymen's terms and to use demonstrative evidence whenever possible. Even with this, it will be difficult for many juries to return a guilty verdict. Criminal conduct is broken down into two classifications depending on severity. A felony is the more serious of the two, normally resulting in a jail term of more than one year. Misdemeanors are normally punishable by a fine or a jail sentence of less than a year. It is important to understand that to deter future attacks, stricter sentencing must be sought, which only occurs under the felonious classification.
6 The type of attack or the total dollar loss has a direct relationship to the Crime classification. Criminal law falls under two main jurisdictions: federal and state. Although there is a plethora of federal and state statutes that may be used against traditional criminal offenses, and even though many of these same statues may apply to Computer -related crimes with some measure of success, it is clear that many cases fail to reach prosecution or fail to result in conviction because of the gaps that exist in the federal criminal code and the individual state criminal statutes. Because of this, almost every state, along with the federal government, has adopted new laws specific to computerrelated abuses. These new laws, which have been redefined over the years to keep abreast of the constant changes in the technological forum, have been subjected to an ample amount of scrutiny due to many social issues that have been affected by the proliferation of computers in society.
7 Some of these issues, such as privacy, copyright infringement, and software ownership, are yet to be resolved. More changes to the current collection of laws can be expected. Some of the Computer related crimes that are addressed by the new state and federal laws are: Unauthorized access. Exceeding authorized access. Intellectual property theft or misuse of information. Pornography. Theft of services. Forgery. Property theft ( , Computer hardware and chips). Invasion of privacy. Denial of services. Computer fraud. Viruses. Sabotage ( , data alteration or malicious destruction). Extortion. Embezzlement. Espionage. Terrorism. All but one state, Vermont, have created or amended laws specifically to deal with Computer -related Crime . Twenty-five states have enacted specific Computer Crime statutes, and the other 24 states have merely amended their traditional criminal statutes to confront Computer Crime issues.
8 Vermont has announced legislation under Bill that deals with the theft of Computer services. The elements of proof, which define the basis of the criminal activity, vary from state to state. Security practitioners should be fully cognizant of their state laws, specifically the elements of proof. In addition, traditional criminal statutes, such as theft, fraud, extortion, and embezzlement, can still be used to prosecute Computer Crime . Just as there has been numerous new legislation at the state level, there have also been many new federal policies, such as the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act of 1986. They have been established to deal precisely with Computer and telecommunications abuses at the federal level. Moreover, many modifications and updates have been made to the Federal Criminal Code, Section 1030, to deal with a variety of computerrelated abuses. Even though these new laws have been adopted for use in the prosecution of a Computer -related offense, some of the older, proven federal laws, discussed later, offer a simpler case to present to judges and juries: Wire fraud.
9 Mail fraud. Interstate transportation of stolen property. Racketeer influenced and corrupt organizations (RICO). Civil Law Civil law (or tort law) identifies a tort as a wrong against an individual or business, which normally results in damage or loss to that individual or business. The major differences between criminal and civil law is the type of punishment and the level of proof required to obtain a guilty verdict. There is no jail sentence under the civil law system. Victims may receive financial or injunctive relief as restitution for their loss. An injunction against the offender will attempt to thwart any further loss to the victim. In addition, a violation of the injunction may result in a contempt of court order, which places the offender in jeopardy of going to jail. The main purpose of seeking civil remedy is for financial restitution, which can be awarded as follows: Compensatory damages. Punitive damages.
10 Statutory damages. In a civil action, if there is no culpability on the part of the victim, the victim may be entitled to compensatory ( , restitutive) and punitive damages. Compensatory damages are actual damages to the victim and include attorney fees, lost profits, and investigation costs. Punitive damages are damages set by the jury with the intent to punish the offender. Even if the victim is partially culpable, an award may be made on the victims' behalf, but may be lessened due to the victims' culpable negligence. Statutory damages are damages determined by law. Mere violation of the law entitles the victim to a statutory award. Civil cases are much easier to convict under because the burden of proof required for the conviction is much less. To be found guilty of a civil wrong, the jury must believe, based only on the preponderance of the evidence, that the offender is guilty of the offense. It is much easier to show that the majority ( , S 1%) of the evidence is pointing to the defendant's guilt.